idnits 2.17.1 draft-ietf-avt-srtp-not-mandatory-11.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 86: '... "we MUST implement strong security ...' Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (November 19, 2012) is 4175 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: A later version (-10) exists of draft-ietf-avtcore-rtp-security-options-01 == Outdated reference: A later version (-40) exists of draft-ietf-mmusic-rfc2326bis-30 == Outdated reference: A later version (-20) exists of draft-ietf-rtcweb-security-arch-05 -- Obsolete informational reference (is this intentional?): RFC 793 (Obsoleted by RFC 9293) -- Obsolete informational reference (is this intentional?): RFC 4614 (Obsoleted by RFC 7414) Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group C. Perkins 3 Internet-Draft University of Glasgow 4 Intended status: Informational M. Westerlund 5 Expires: May 23, 2013 Ericsson 6 November 19, 2012 8 Securing the RTP Protocol Framework: Why RTP Does Not Mandate a Single 9 Media Security Solution 10 draft-ietf-avt-srtp-not-mandatory-11.txt 12 Abstract 14 This memo discusses the problem of securing real-time multimedia 15 sessions, and explains why the Real-time Transport Protocol (RTP), 16 and the associated RTP control protocol (RTCP), do not mandate a 17 single media security mechanism. Guidelines for designers and 18 reviewers of future RTP extensions are provided, to ensure that 19 appropriate security mechanisms are mandated, and that any such 20 mechanisms are specified in a manner that conforms with the RTP 21 architecture. 23 Status of this Memo 25 This Internet-Draft is submitted in full conformance with the 26 provisions of BCP 78 and BCP 79. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF). Note that other groups may also distribute 30 working documents as Internet-Drafts. The list of current Internet- 31 Drafts is at http://datatracker.ietf.org/drafts/current/. 33 Internet-Drafts are draft documents valid for a maximum of six months 34 and may be updated, replaced, or obsoleted by other documents at any 35 time. It is inappropriate to use Internet-Drafts as reference 36 material or to cite them other than as "work in progress." 38 This Internet-Draft will expire on May 23, 2013. 40 Copyright Notice 42 Copyright (c) 2012 IETF Trust and the persons identified as the 43 document authors. All rights reserved. 45 This document is subject to BCP 78 and the IETF Trust's Legal 46 Provisions Relating to IETF Documents 47 (http://trustee.ietf.org/license-info) in effect on the date of 48 publication of this document. Please review these documents 49 carefully, as they describe your rights and restrictions with respect 50 to this document. Code Components extracted from this document must 51 include Simplified BSD License text as described in Section 4.e of 52 the Trust Legal Provisions and are provided without warranty as 53 described in the Simplified BSD License. 55 Table of Contents 57 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 58 2. RTP Applications and Deployment Scenarios . . . . . . . . . . . 3 59 3. RTP Media Security . . . . . . . . . . . . . . . . . . . . . . 4 60 4. RTP Session Establishment and Key Management . . . . . . . . . 5 61 5. On the Requirement for Strong Security in Framework 62 protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 63 6. Guidelines for Securing the RTP Protocol Framework . . . . . . 6 64 7. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . 7 65 8. Security Considerations . . . . . . . . . . . . . . . . . . . . 8 66 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 8 67 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 8 68 11. Informative References . . . . . . . . . . . . . . . . . . . . 8 69 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9 71 1. Introduction 73 The Real-time Transport Protocol (RTP) [RFC3550] is widely used for 74 voice over IP, Internet television, video conferencing, and other 75 real-time and streaming media applications. Despite this use, the 76 basic RTP specification provides only limited options for media 77 security, and defines no standard key exchange mechanism. Rather, a 78 number of extensions are defined that can provide confidentiality and 79 authentication of RTP media streams and RTP Control Protocol (RTCP) 80 messages. Other mechanisms define key exchange protocols. This memo 81 outlines why it is appropriate that multiple extension mechanisms are 82 defined rather than mandating a single security and keying mechanism. 84 The IETF policy on Strong Security Requirements for IETF Standard 85 Protocols [RFC3365] (the so-called "Danvers Doctrine") states that 86 "we MUST implement strong security in all protocols to provide for 87 the all too frequent day when the protocol comes into widespread use 88 in the global Internet". The mechanisms defined for use with RTP 89 allow these requirements to be met. However, since RTP is a protocol 90 framework that is suitable for a wide variety of use cases, there is 91 no single security mechanism that is suitable for every scenario. 92 This memo outlines why this is the case, and discusses how users of 93 RTP can meet the requirement for strong security. 95 This memo provides information for the community and for reviewers of 96 future RTP-related work in the IETF. It does not specify a standard 97 of any kind. 99 2. RTP Applications and Deployment Scenarios 101 The range of application and deployment scenarios where RTP has been 102 used includes, but is not limited to, the following: 104 o Point-to-point voice telephony (fixed and wireless networks) 106 o Point-to-point voice and video conferencing 108 o Centralised group video conferencing with a multipoint conference 109 unit (MCU) 111 o Any Source Multicast video conferencing (light-weight sessions; 112 Mbone conferencing) 114 o Point-to-point streaming audio and/or video 116 o Source-specific multicast (SSM) streaming to large group (IPTV and 117 3GPP Multimedia Broadcast Multicast Service (MBMS) [MBMS]) 119 o Replicated unicast streaming to a group 121 o Interconnecting components in music production studios and video 122 editing suites 124 o Interconnecting components of distributed simulation systems 126 o Streaming real-time sensor data (e.g., e-VLBI radio astronomy) 128 As can be seen, these scenarios vary from point-to-point to large 129 multicast groups, from interactive to non-interactive, and from low 130 bandwidth (kilobits per second) telephony to high bandwidth (multiple 131 gigabits per second) video and data streaming. While most of these 132 applications run over UDP [RFC0768], some use TCP [RFC0793], 133 [RFC4614] or DCCP [RFC4340] as their underlying transport. Some run 134 on highly reliable optical networks, others use low rate unreliable 135 wireless networks. Some applications of RTP operate entirely within 136 a single trust domain, others are inter-domain, with untrusted (and 137 potentially unknown) users. The range of scenarios is wide, and 138 growing both in number and in heterogeneity. 140 3. RTP Media Security 142 The wide range of application scenarios where RTP is used has led to 143 the development of multiple solutions for securing RTP media streams 144 and RTCP control messages, considering different requirements. 146 Perhaps the most widely applicable of these security options is the 147 Secure RTP (SRTP) framework [RFC3711]. This is an application-level 148 media security solution, encrypting the media payload data (but not 149 the RTP headers) to provide confidentiality, and supporting source 150 origin authentication as an option. SRTP was carefully designed to 151 be both low overhead, and to support the group communication and 152 third-party performance monitoring features of RTP, across a range of 153 networks. 155 SRTP is not the only media security solution in use, however, and 156 alternatives are more appropriate for some scenarios, and necessary 157 in some cases where SRTP is not suitable. For example, ISMAcryp 158 [ISMACrypt2] provides payload-level confidentiality that is 159 appropriate for certain types of streaming video application, but 160 that is not suitable for voice telephony (the range of available RTP 161 security options, and their applicability to different scenarios, is 162 outlined in [I-D.ietf-avtcore-rtp-security-options]). At present, 163 there is no media security protocol that is appropriate for all the 164 environments where RTP is used. Multiple RTP media security 165 protocols can be expected to remain in wide use for the foreseeable 166 future. 168 4. RTP Session Establishment and Key Management 170 A range of different protocols for RTP session establishment and key 171 exchange exist, matching the diverse range of use cases for the RTP 172 framework. These mechanisms can be split into two categories: those 173 that operate in-band on the media path, and those that are out-of- 174 band and operate as part of the session establishment signalling 175 channel. The requirements for these two classes of solution are 176 different, and a wide range of solutions have been developed in this 177 space. 179 A more detailed survey of requirements for media security management 180 protocols can be found in [RFC5479]. As can be seen, the range of 181 use cases is wide, and there is no single key management protocol 182 that is appropriate for all scenarios. These solutions have been 183 further diversified by the existence of infrastructure elements such 184 as authentication solutions that are tied into the key management. 185 Some of the available keying options for RTP sessions are described 186 in [I-D.ietf-avtcore-rtp-security-options], although this list is not 187 ensured to be exhaustive but include the ones known to the authors at 188 the time of publication. 190 5. On the Requirement for Strong Security in Framework protocols 192 The IETF requires that all protocols provide a strong, mandatory to 193 implement, security solution [RFC3365]. This is essential for the 194 overall security of the Internet, to ensure that all implementations 195 of a protocol can interoperate in a secure way. Framework protocols 196 offer a challenge for this mandate, however, since they are designed 197 for use by different classes of applications, in different 198 environments. The different use cases for the framework have 199 different security requirements, and implementations designed for 200 different environments are generally not expected to interwork. 202 RTP is an example of a framework protocol with wide applicability. 203 The wide range of scenarios described in Section 2 show the issues 204 that arise in mandating a single security mechanism for this type of 205 framework. It would be desirable if a single media security 206 solution, and a single key management solution, could be developed, 207 suitable for applications across this range of use scenarios. The 208 authors are not aware of any such solution, however, and believe it 209 is unlikely that any such solution will be developed. In part, this 210 is because applications in the different domains are not intended to 211 interwork, so there is no incentive to develop a single mechanism. 213 More importantly, though, the security requirements for the different 214 usage scenarios vary widely, and an appropriate security mechanism in 215 one scenario simply does not work for some other scenarios. 217 For a framework protocol, it appears that the only sensible solution 218 to the strong security requirement of [RFC3365] is to develop and use 219 building blocks for the basic security services of confidentiality, 220 integrity protection, authorisation, and authentication. When new 221 uses for the framework arise, they need to be studied to check if the 222 existing building blocks satisfy the requirements. A mandatory to 223 implement set of security building blocks can then be specified for 224 that usage scenario of the framework. 226 Therefore, when considering the strong and mandatory to implement 227 security mechanism for a specific class of applications, one has to 228 consider what security building blocks need to be supported. To 229 maximize interoperability it is important that common media security 230 and key management mechanisms are defined for classes of application 231 with similar requirements. The IETF needs to participate in this 232 selection of security building blocks for each class of applications 233 that use the protocol framework and are expected to interoperate 234 where IETF has the appropriate knowledge of the class of 235 applications. 237 6. Guidelines for Securing the RTP Protocol Framework 239 The IETF requires that protocols specify mandatory to implement (MTI) 240 strong security [RFC3365]. This applies to the specification of each 241 interoperable class of application that makes use of RTP. However, 242 RTP is a framework protocol, so the arguments made in Section 5 also 243 apply. Given the variability of the classes of application that use 244 RTP, and the variety of the currently available security mechanisms 245 described in [I-D.ietf-avtcore-rtp-security-options], no one set of 246 MTI security options can realistically be specified that apply to all 247 classes of RTP applications. 249 Documents that define an interoperable class of applications using 250 RTP are subject to [RFC3365] and need to specify MTI security 251 mechanisms. This is because such specifications do fully specify 252 interoperable applications that use RTP. Examples of such a 253 documents in development at the time of this writing would be the 254 RTCWEB Security Architecture [I-D.ietf-rtcweb-security-arch] and Real 255 Time Streaming Protocol 2.0 (RTSP) [I-D.ietf-mmusic-rfc2326bis]. It 256 is also expected that a similar document will be produced for voice- 257 over-IP applications using SIP and RTP. 259 The RTP framework can be extended in ways that do not specify an 260 interoperable class of applications. Two important extension points 261 are RTP Payload Formats and RTP Profiles. An RTP Payload Format 262 defines how the output of a media codec can be used with RTP. At the 263 time of this writing, there are over 70 RTP Payload Formats defined 264 in published RFCs, with more in development. It is appropriate for 265 an RTP payload format to discuss specific security implications of 266 using that codec with RTP. However, an RTP payload format does not 267 specify an interoperable class of applications that use RTP, and is 268 neither secure in itself, nor something to which [RFC3365] applies. 269 Future RTP payload format specifications ought to explicitly state 270 this, and include a reference to this memo for explanation. It is 271 not appropriate for an RTP payload format to mandate the use of SRTP 272 [RFC3711], or any other security building blocks, since that RTP 273 payload format might be used by different classes of application that 274 use RTP, and that have different security requirements. 276 RTP profiles are larger extensions that adapt the RTP framework for 277 use with particular classes of application. In some cases, those 278 classes of application might share common security requirements so 279 that it could make sense for an RTP profile to mandate particular 280 security options and building blocks (the RTP/SAVP profile [RFC3711] 281 is an example of this type of RTP profile). In other cases, though, 282 an RTP profile is applicable to such a wide range of applications 283 that it would not make sense for that profile to mandate particular 284 security building blocks be used (the RTP/AVPF profile [RFC4585] is 285 an example of this type of RTP profile, since it provides building 286 blocks that can be used in different styles of application). Any new 287 RTP profile needs to discuss if it makes sense to mandate particular 288 security building blocks be used with implementations of that 289 profile, but without the expectation that all RTP profiles will 290 mandate particular security solutions. RTP profiles that do not 291 specify an interoperable usage for a particular class of RTP 292 applications are neither secure in themselves, nor something to which 293 [RFC3365] applies; any future RTP profiles in this category need to 294 explicitly state this with justification, and include a reference to 295 this memo. 297 7. Conclusions 299 The RTP framework is used in a wide range of different scenarios, 300 with no common security requirements. Accordingly, neither SRTP 301 [RFC3711], nor any other single media security solution or keying 302 mechanism, can be mandated for all uses of RTP. In the absence of a 303 single common security solution, it is important to consider what 304 mechanisms can be used to provide strong and interoperable security 305 for each different scenario where RTP applications are used. This 306 will require analysis of each class of application to determine the 307 security requirements for the scenarios in which they are to be used, 308 followed by the selection of a mandatory to implement security 309 building blocks for that class of application, including the desired 310 RTP traffic protection and key-management. A non-exhaustive list of 311 the RTP security options available at the time of this writing is 312 outlined in [I-D.ietf-avtcore-rtp-security-options]. It is expected 313 that each class of application will be supported by a memo describing 314 what security options are mandatory to implement for that usage 315 scenario. 317 8. Security Considerations 319 This entire memo is about security. 321 9. IANA Considerations 323 None. 325 10. Acknowledgements 327 Thanks to Ralph Blom, Hannes Tschofenig, Dan York, Alfred Hoenes, 328 Martin Ellis, Ali Begen, Keith Drage, Ray van Brandenburg, Stephen 329 Farrell, and Sean Turner for their feedback. 331 11. Informative References 333 [I-D.ietf-avtcore-rtp-security-options] 334 Westerlund, M. and C. Perkins, "Options for Securing RTP 335 Sessions", draft-ietf-avtcore-rtp-security-options-01 336 (work in progress), October 2012. 338 [I-D.ietf-mmusic-rfc2326bis] 339 Schulzrinne, H., Rao, A., Lanphier, R., Westerlund, M., 340 and M. Stiemerling, "Real Time Streaming Protocol 2.0 341 (RTSP)", draft-ietf-mmusic-rfc2326bis-30 (work in 342 progress), July 2012. 344 [I-D.ietf-rtcweb-security-arch] 345 Rescorla, E., "RTCWEB Security Architecture", 346 draft-ietf-rtcweb-security-arch-05 (work in progress), 347 October 2012. 349 [ISMACrypt2] 350 "ISMA Encryption and Authentication, Version 2.0 release 351 version", November 2007. 353 [MBMS] 3GPP, "Multimedia Broadcast/Multicast Service (MBMS); 354 Protocols and codecs TS 26.346". 356 [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, 357 August 1980. 359 [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, 360 RFC 793, September 1981. 362 [RFC3365] Schiller, J., "Strong Security Requirements for Internet 363 Engineering Task Force Standard Protocols", BCP 61, 364 RFC 3365, August 2002. 366 [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. 367 Jacobson, "RTP: A Transport Protocol for Real-Time 368 Applications", STD 64, RFC 3550, July 2003. 370 [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. 371 Norrman, "The Secure Real-time Transport Protocol (SRTP)", 372 RFC 3711, March 2004. 374 [RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram 375 Congestion Control Protocol (DCCP)", RFC 4340, March 2006. 377 [RFC4585] Ott, J., Wenger, S., Sato, N., Burmeister, C., and J. Rey, 378 "Extended RTP Profile for Real-time Transport Control 379 Protocol (RTCP)-Based Feedback (RTP/AVPF)", RFC 4585, 380 July 2006. 382 [RFC4614] Duke, M., Braden, R., Eddy, W., and E. Blanton, "A Roadmap 383 for Transmission Control Protocol (TCP) Specification 384 Documents", RFC 4614, September 2006. 386 [RFC5479] Wing, D., Fries, S., Tschofenig, H., and F. Audet, 387 "Requirements and Analysis of Media Security Management 388 Protocols", RFC 5479, April 2009. 390 Authors' Addresses 392 Colin Perkins 393 University of Glasgow 394 School of Computing Science 395 Glasgow G12 8QQ 396 UK 398 Email: csp@csperkins.org 400 Magnus Westerlund 401 Ericsson 402 Farogatan 6 403 Kista SE-164 80 404 Sweden 406 Email: magnus.westerlund@ericsson.com